<?php
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//
// DLMan by Shedd Technologies International		  				//
// http://www.dlman.com | info@dlman.com							//
// Copyright 2003 by STI, All rights reserved.						//
// ---------------------------------------------------------------- //
// Usage of this software is governed by the terms of GPL. 	    	//
//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//

require_once("global.php");
require_once("auth.php");
//change the user's password
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title>Change Your Password</title>
<style type="text/css">
<!--
.prefinput{
	color: #333333;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight: normal;
	border-color: #333333;
	text-indent: 2px; 
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px; 
	background: #f8f8f8;
}
.button {
	background-color: #F8F8F8;
	color: #333333;
	border-color: black;
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	font-weight : bold;
	border-top-width: 1px;
	border-right-width: 1px;
	border-bottom-width: 1px;
	border-left-width: 1px; 
}
-->
</style>
<script language="JavaScript" type="text/javascript">
//Verify password entry
function validForm(passForm){
	if(passForm.new_pass_one.value==""){
		alert("You must enter a password");
		passForm.new_pass_one.focus();
		return false
	}
	if(passForm.new_pass_one.value!=passForm.new_pass_two.value){
		alert("Entered passwords do NOT match");
		passForm.new_pass_one.focus();
		passForm.new_pass_one.select();
		return false
	}
	return true
}//end validForm()
</script>
</head>
<?php
if(!isset($stage)){
	//first step:
		//show password change fields
?>
<body>
<form action="<?php print $PHP_SELF; ?>" method="post" onSubmit="return validForm(this)">
<P><FONT face=Verdana size=2>Enter your existing password: </FONT><INPUT class=prefinput size=15 name=ex_pass type=Password></P>
<P><FONT face=Verdana size=2>Enter your new password: <INPUT class=prefinput size=15 name=new_pass_one type=Password></FONT></P>
<P><FONT face=Verdana size=2>Confirm your new password:</FONT> <INPUT class=prefinput size=15 name=new_pass_two type=Password></P>
<input type="hidden" name="stage" value="2">
<input type="submit" name="Submit" value="Proceed" class="button">
</form>
<?php
}
elseif($stage=="2"){
	//second step:
	//check existing password against DB's
	$sql="SELECT ".$config->field['password']." FROM ".$config->dt['user']." WHERE ".$config->field['username']."='$account'";
	$result=mysql_query($sql);
	$value=mysql_fetch_array($result);
	if($config->password=="md5"){
		if($value[$config->field['password']]!=md5($ex_pass)){
			die("The existing password that you entered was not correct. <a href=passchg.php>Please try again</a>.<br>$sql");
		}
	}
	else{
		if($value[$config->field['password']]!=$ex_pass){
			die("The existing password that you entered was not correct. <a href=passchg.php>Please try again</a>.<br>$sql");
		}
	}
	//if correct, check the two passwords for equality
	if($new_pass_one!=$new_pass_two){
			die("The new passwords that you entered did not match. <a href=passchg.php>Please try again</a>.<br>$sql");
	}
	//ask for confirmation
?>
<body>
<form action="<?php print $PHP_SELF; ?>" method="post">
Do you want to proceed?&nbsp;<input type="checkbox" name="continue" value="yes" class=prefinput>
<input type="hidden" name="stage" value="3">
<input type="hidden" name="password" value="<?php print $new_pass_two; ?>">
<input type="submit" name="Submit" value="Change" class="button">
</form>
<?php
}
elseif($stage=="3"){
	//third step:
		//make change, close button, run main window refresh
		if($continue=="yes"){
			//do db change
			if($config->password=="md5"){
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='".md5($password)."' WHERE ".$config->field['username']."='$account';";
			}
			else{
				$sql="UPDATE ".$config->dt['user']." SET ".$config->field['password']."='$password' WHERE ".$config->field['username']."='$account';";
			}
			if(!$result=mysql_query($sql)){
				print "<p>Error in updating data!<br>";
				print mysql_error();
				print '<br><a href="';
				print $PHP_SELF;
				print '">Click Here to try again</a><br><br>';
				print "$sql</p>";
			}//end error
		}
	//print HTML
	?>
<body onUnload="opener.location.href = index.php?action=logout">
<b>The password modification has been completed.</b><br>
When you click the button below, DLMan will log you out.  You will need to log in under the new password.
<form method="post">
<input type="button" value="Close" class="button" onclick="window.close()">
</form>
	<?php
}
?>
</body>
</html>	
